
Part 3: Deploy and verify the environment

Now that you have configured the necessary services, the Collector components, and the Splunk instance, deploy and verify the log collection pipeline. For an overview of the tutorial, see Tutorial: Use the Collector to send container logs to Splunk Enterprise.

Deploy the log collection services

The next step is to run the docker-compose.yml file that you created in Part 1.

  1. From a terminal, navigate to the log-collection directory.

  2. If you are a macOS user with an Apple silicon chip, you must run the following command, because there is no arm64 version of the splunk/splunk image:

    export DOCKER_DEFAULT_PLATFORM=linux/amd64
    
  3. Start the log collection services defined in the docker-compose.yml file. The services can take 1 to 2 minutes to start:

    docker-compose up -d
    

    Verify that your output matches the following example:

    [+] Running 5/5
    ✔ Network docker-tutorial_default  Created                                                                                                               0.0s
    ✔ Container splunk                 Healthy                                                                                                              77.1s
    ✔ Container otelcollector          Started                                                                                                              77.2s
    ✔ Container logging2               Started                                                                                                              77.5s
    ✔ Container logging1               Started                                                                                                              77.5s
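
To script the output check above rather than compare it by eye, the following added example (not part of the original tutorial) reads Compose progress output and fails if any of the four containers is missing or not in the state shown above. The function name `check_compose_up`, the sample variables, and the assumption that Compose may write progress to stderr are illustrative.

```shell
#!/bin/sh
# Added example (not from the Splunk docs): check Compose progress output
# for the container states this tutorial expects.

# name:state pairs taken from the sample `docker-compose up -d` output above.
EXPECTED="splunk:Healthy otelcollector:Started logging1:Started logging2:Started"

# check_compose_up reads progress output on stdin. It returns 0 only if the
# last reported state of every expected container matches, else prints each
# problem to stderr and returns 1.
check_compose_up() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); want[kv[1]] = kv[2] }
        }
        {
            # Find the "Container" token wherever it sits, so lines with or
            # without a leading status mark both parse; the last state wins.
            for (i = 1; i < NF; i++)
                if ($i == "Container") { seen[$(i + 1)] = $(i + 2); break }
        }
        END {
            bad = 0
            for (name in want) {
                if (!(name in seen)) {
                    print "missing: " name > "/dev/stderr"; bad = 1
                } else if (seen[name] != want[name]) {
                    print name ": got " seen[name] ", want " want[name] > "/dev/stderr"; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: the expected output from this page, padding trimmed.
SAMPLE_OK='[+] Running 5/5
✔ Network docker-tutorial_default  Created  0.0s
✔ Container splunk                 Healthy  77.1s
✔ Container otelcollector          Started  77.2s
✔ Container logging2               Started  77.5s
✔ Container logging1               Started  77.5s'

# Constructed failure case: splunk never becomes healthy, collector absent.
SAMPLE_BAD='✔ Container splunk    Started  5.0s
✔ Container logging1  Started  5.1s
✔ Container logging2  Started  5.1s'

# Demo run on the constructed sample. Real use (assumes progress on stderr):
#   docker-compose up -d 2>&1 | check_compose_up
printf '%s\n' "$SAMPLE_OK" | check_compose_up && echo "expected containers are up"
```

A nonzero exit here means the Collector or Splunk container did not reach its expected state, so the searches in the next section would return no events.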
    

Verify the log collection pipeline

Next, verify that everything works as expected. Follow these steps to check that the Collector gathered the logs and sent them to the Splunk Enterprise service.

  1. In your web browser, go to http://localhost:18000.

  2. Log in to Splunk Web using the following credentials:

    • Username: admin

    • Password: changeme

  3. In the left navigation menu, select Search & Reporting.

  4. In the search bar, search the index1 index to view the logs from the logging1 service:

    index=index1
    

    The search results show that only the logs from the logging1 service are stored in the index1 index:

    [Image: A view of the search result for the index1 index.]

  5. In the search bar, search the index2 index to view the logs from the logging2 service:

    index=index2
    

    The search results show that only the logs from the logging2 service are stored in the index2 index:

    [Image: A view of the search result for the index2 index.]

  6. To terminate the log collection environment, stop the running services with Docker Compose:

    docker-compose down
    

    Verify that your output matches the following example:

    [+] Running 5/5
    ✔ Container logging2               Removed                                                                                                              10.3s
    ✔ Container logging1               Removed                                                                                                              10.3s
    ✔ Container otelcollector          Removed                                                                                                               0.2s
    ✔ Container splunk                 Removed                                                                                                              10.9s
    ✔ Network docker-tutorial_default  Removed                                                                                                               0.1s
    

This completes the tutorial. You configured a multicontainer environment that uses the Collector to process container logs and send them to a Splunk Enterprise server.


This page was last updated on Jul 09, 2024.